STid websites

Contact

GDPR compliance

More than GDPR compliance…

The boom in process digitalization, big data and the IoT has spurred an exponential increase in data production. The volume of data worldwide has risen to 15 zettabytes and personal data represents a growing share of that total.

The European Union established the General Data Protection Regulation (GDPR) to protect and safeguard its citizens’ personal data. The organizations are now responsible for ensuring that data is used in a reasonable, transparent way , that it is securely stored and that users have easy access to their data along with the ability to review, modify or delete personal information.

Our mission has always been to protect people, along with their goods and their data, by securing their identity and access while enabling the easy , secure supervision of industrial processes and the flow of resources and assets. For more than 20 years, our development policy has been based on open technology and public-key cryptography standards, ensuring that all of our products and solutions comply with current GDPR requirements in complete transparency.

European GDPR Compliance at STid Group

Welcome to High Security

ANSSI logo    CSPN logo   

 

As a forerunner in the field of high-level security – STid was the first manufacturer to receive top-level security certification* from France’s National Cybersecurity Agency (ANSSI) – we were a recognized leader in data protection long before the introduction of the GDPR:

  • We deliver a fully compliant, comprehensive access control systems.
  • We secure organizations’ operations and supply chains.
  • Our products and solutions are certified and audited by independent organizations.
  • Our encryption and authentication methods are based on public algorithms.
  • Our data hosting options offer the highest level of security with all the necessary certifications.
 

*Certified reader: LXSW33EPH57AD1 –ANSSI-CSPN-2013/03 certificate dated March 19, 2013.

GDPR compliance of your access control system

 

GDPR user management at STid Group

User management: the role of organizations

  • Define users and clearances.
  • Define delegations.
  • Maintain dynamic access right management (remote delivery and deletion of access rights).
  

GDPR value chain control at STid Group

Links in the access control value chain: the role of manufacturers and integrators

  • Update systems.
  • Secure data communication and transfers.
  • Secure data storage.
  • Secure data access.
   

GDPR and data at STid Group

Data: the role of organizations

  • Use only the data that is strictly necessary.
  • Allow data owners to access, modify and delete their data at any time.

A compliant, end-to-end solution

STid Group's GDPR's end-to-end solution

  • Web access
    Login/PW
    HTTPS TLS v1.2

 

  • Certified secure servers – CNIL & GDPR compliant

  • Full redundancy,
    2 datacenters

  • Security certifications and MCO 24/7 

  • Encrypted SQL databases, option to provide admin access without access to content
    (differentiated authorization)

 

  • Card download from single-use link via HTTPS TLS v1.2

 

  • Encrypted AES256 and Master Key databases not stored but regenerated after each use and authenticated

 

  • Mutual authentication at each transaction.

  • Single exchange, encrypted
    and signed data.

  • AES-128
    and SHA-2

  • No transit of personal data

 

  • Storage of parameters in EAL5+ certified crypto processor.

  • Self-protection via accelerometer

 

  • Plain or encrypted / signed protocol

  • No transitof personal data

All data transfers are conducted via encrypted communication based on public algorithms that comply with France’s General Security Guidelines (RGS), to ensure the integrity and confidentiality of information exchanges.

Our goal is to help you bring your entire solution into compliance

 

STid is a keylink in the ecosystem of your access control solution.
Since the reader is the only visible part of an access control system, it must withstand the physical and logical attacks of threats
that would compromise secure access to your organization and the confidentiality of your information.

To ensure a secure link to the system, STid has developed the first protocol certified by ANSSI.
With the SSCP protocol, your organization guarantees the confidentiality and integrity of end-to-end information.

 

Certifications by independent bodies

We’re the first manufacturer to receive ANSSI’s top-level security certification (CSPN), and we offer solutions that comply with ANSSI’s leading architecture. We are audited regularly by independent certification bodies, such as Phonesec or as Cogiceo, which verify the security and protection level of our solutions.

Our data and those of our customers are  hosted on two hosting services that set the standard when it comes to security. We require that they meet the most stringent standards on the market:

  • HADs and PCI-DSS certifications, SOC 1 TYPE II / SOC 2 TYPE II attestations and ISO 27001 / 27002 / 27005 standards – Security of hosting, access and processing data and information

  • Protection anti-DDoS – Data access security and durability

  • STAR self-assessment - Cloud Security Alliance - Cloud computing environment security

  • VMware certification and OpenStack Powered – Cloud architecture security certifications from virtualization and cloud computing market leading

  • APSAD certification – Data hosting areas and facilities protection

 Vmware certification logo  CSA logo  AICPA logo

 

Openstack logo PCI logo

Three data storage methods,
one level of compliance

Our customers can choose to have their data hosted in one of three ways:

  • on their own servers*,

  • offline,

  • online on the secure servers operated by our partner hosting services.

As a result, our integrator customers can meet the security policies of even the most demanding organizations while ensuring the very highest level of data protection.

*If the data is hosted on our customers’ local servers or by their own hosting companies, we guarantee the integrity of our security exclusively across the communications chain for which we are responsible.

Picture of a data center - STid Group

Helpful info

Why is it important for companies to comply with the GDPR?

Companies are collecting and processing personal data on an increasingly massive scale. Numerous cases of harmful disclosure have made headlines worldwide, with serious adverse consequences for those involved. It is important for all of us to be able to manage our data security and be assured that our data is protected. The European Union adopted the GDPR for just that purpose. Companies that fail to comply with its provisions can pay a heavy price, including fines of up to 4% of their annual global revenue.

Learn more about the GDPR

 

GDPR at STid Industry